diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-10-10 08:32:07 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-10-10 08:32:07 +0200 |
commit | 80c4b5e316002b6b5d2ffaf22a22f8f8cce1a142 (patch) | |
tree | cbf438fb2eae55ba85259ea260fb4f245d947e0f /lib | |
parent | 9ffddfaf6a983378358eef7d33f32b9da49662f7 (diff) | |
download | gnutls-80c4b5e316002b6b5d2ffaf22a22f8f8cce1a142.tar.gz |
session->key no longer needs to be an allocated structure.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/auth/anon.c | 4 | ||||
-rw-r--r-- | lib/auth/anon_ecdh.c | 4 | ||||
-rw-r--r-- | lib/auth/cert.c | 18 | ||||
-rw-r--r-- | lib/auth/dh_common.c | 50 | ||||
-rw-r--r-- | lib/auth/dhe.c | 4 | ||||
-rw-r--r-- | lib/auth/dhe_psk.c | 8 | ||||
-rw-r--r-- | lib/auth/ecdh_common.c | 42 | ||||
-rw-r--r-- | lib/auth/psk.c | 16 | ||||
-rw-r--r-- | lib/auth/psk_passwd.c | 2 | ||||
-rw-r--r-- | lib/auth/rsa.c | 44 | ||||
-rw-r--r-- | lib/auth/rsa_export.c | 30 | ||||
-rw-r--r-- | lib/auth/srp.c | 46 | ||||
-rw-r--r-- | lib/auth/srp_passwd.c | 2 | ||||
-rw-r--r-- | lib/auth/srp_rsa.c | 2 | ||||
-rw-r--r-- | lib/ext/srp.c | 2 | ||||
-rw-r--r-- | lib/ext/status_request.c | 2 | ||||
-rw-r--r-- | lib/gnutls_auth.c | 64 | ||||
-rw-r--r-- | lib/gnutls_auth.h | 2 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 2 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 12 | ||||
-rw-r--r-- | lib/gnutls_int.h | 2 | ||||
-rw-r--r-- | lib/gnutls_kx.c | 10 | ||||
-rw-r--r-- | lib/gnutls_state.c | 58 | ||||
-rw-r--r-- | lib/gnutls_ui.c | 4 | ||||
-rw-r--r-- | lib/gnutls_x509.c | 2 |
25 files changed, 208 insertions, 224 deletions
diff --git a/lib/auth/anon.c b/lib/auth/anon.c index 789e9084a9..0071761309 100644 --- a/lib/auth/anon.c +++ b/lib/auth/anon.c @@ -69,7 +69,7 @@ gen_anon_server_kx (gnutls_session_t session, gnutls_buffer_st* data) gnutls_anon_server_credentials_t cred; cred = (gnutls_anon_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_ANON, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL); if (cred == NULL) { gnutls_assert (); @@ -119,7 +119,7 @@ proc_anon_client_kx (gnutls_session_t session, uint8_t * data, const bigint_t *mpis; cred = (gnutls_anon_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_ANON, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL); if (cred == NULL) { gnutls_assert (); diff --git a/lib/auth/anon_ecdh.c b/lib/auth/anon_ecdh.c index 63e72edd4a..b81f97e273 100644 --- a/lib/auth/anon_ecdh.c +++ b/lib/auth/anon_ecdh.c @@ -67,7 +67,7 @@ gen_anon_ecdh_server_kx (gnutls_session_t session, gnutls_buffer_st* data) gnutls_anon_server_credentials_t cred; cred = (gnutls_anon_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_ANON, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL); if (cred == NULL) { gnutls_assert (); @@ -99,7 +99,7 @@ proc_anon_ecdh_client_kx (gnutls_session_t session, uint8_t * data, gnutls_anon_server_credentials_t cred; cred = (gnutls_anon_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_ANON, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL); if (cred == NULL) { gnutls_assert (); diff --git a/lib/auth/cert.c b/lib/auth/cert.c index 44835f03e9..34bc6d2dd4 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -475,7 +475,7 @@ call_get_cert_callback (gnutls_session_t session, unsigned int pcert_length = 0; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -698,7 +698,7 @@ _select_client_cert (gnutls_session_t session, gnutls_datum_t *issuers_dn = NULL; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -1080,7 +1080,7 @@ _gnutls_proc_x509_server_crt (gnutls_session_t session, gnutls_datum_t tmp; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -1223,7 +1223,7 @@ _gnutls_proc_openpgp_server_crt (gnutls_session_t session, unsigned int subkey_id_set = 0; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -1402,7 +1402,7 @@ _gnutls_proc_crt (gnutls_session_t session, uint8_t * data, size_t data_size) gnutls_certificate_credentials_t cred; cred = - (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, + (gnutls_certificate_credentials_t) _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) @@ -1465,7 +1465,7 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, uint8_t * data, gnutls_protocol_t ver = gnutls_protocol_get_version (session); cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -1553,7 +1553,7 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, uint8_t * data, /* We should reply with a certificate message, * even if we have no certificate to send. */ - session->key->crt_requested = 1; + session->key.crt_requested = 1; return 0; } @@ -1722,7 +1722,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, */ cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -2082,7 +2082,7 @@ _gnutls_server_select_cert (gnutls_session_t session, char server_name[MAX_CN]; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c index dda96fa8d7..bb1e217c35 100644 --- a/lib/auth/dh_common.c +++ b/lib/auth/dh_common.c @@ -66,31 +66,31 @@ _gnutls_proc_dh_common_client_kx (gnutls_session_t session, _n_Y = n_Y; DECR_LEN (data_size, n_Y); - if (_gnutls_mpi_scan_nz (&session->key->client_Y, &data[2], _n_Y)) + if (_gnutls_mpi_scan_nz (&session->key.client_Y, &data[2], _n_Y)) { gnutls_assert (); return GNUTLS_E_MPI_SCAN_FAILED; } - _gnutls_dh_set_peer_public (session, session->key->client_Y); + _gnutls_dh_set_peer_public (session, session->key.client_Y); ret = - gnutls_calc_dh_key (&session->key->KEY, session->key->client_Y, session->key->dh_secret, p); + gnutls_calc_dh_key (&session->key.KEY, session->key.client_Y, session->key.dh_secret, p); if (ret < 0) return gnutls_assert_val(ret); - _gnutls_mpi_release (&session->key->client_Y); - _gnutls_mpi_release (&session->key->dh_secret); + _gnutls_mpi_release (&session->key.client_Y); + _gnutls_mpi_release (&session->key.dh_secret); if (psk_key == NULL) { - ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key); + ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key); } else /* In DHE_PSK the key is set differently */ { gnutls_datum_t tmp_dh_key; - ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key); + ret = _gnutls_mpi_dprint (session->key.KEY, &tmp_dh_key); if (ret < 0) { gnutls_assert (); @@ -102,7 +102,7 @@ _gnutls_proc_dh_common_client_kx (gnutls_session_t session, } - _gnutls_mpi_release (&session->key->KEY); + _gnutls_mpi_release (&session->key.KEY); if (ret < 0) { @@ -123,8 +123,8 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, gnutls_buffer_st* bigint_t x = NULL, X = NULL; int ret; - ret = gnutls_calc_dh_secret (&X, &x, session->key->client_g, - session->key->client_p, 0); + ret = gnutls_calc_dh_secret (&X, &x, session->key.client_g, + session->key.client_p, 0); if (ret < 0) { gnutls_assert (); @@ -142,7 +142,7 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, gnutls_buffer_st* /* calculate the key after calculating the message */ ret = - gnutls_calc_dh_key (&session->key->KEY, session->key->client_Y, x, session->key->client_p); + gnutls_calc_dh_key (&session->key.KEY, session->key.client_Y, x, session->key.client_p); if (ret < 0) { gnutls_assert(); @@ -150,21 +150,21 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, gnutls_buffer_st* } /* THESE SHOULD BE DISCARDED */ - _gnutls_mpi_release (&session->key->client_Y); - _gnutls_mpi_release (&session->key->client_p); - _gnutls_mpi_release (&session->key->client_g); + _gnutls_mpi_release (&session->key.client_Y); + _gnutls_mpi_release (&session->key.client_p); + _gnutls_mpi_release (&session->key.client_g); if (_gnutls_cipher_suite_get_kx_algo (session->security_parameters.cipher_suite) != GNUTLS_KX_DHE_PSK) { - ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key); + ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key); } else /* In DHE_PSK the key is set differently */ { gnutls_datum_t tmp_dh_key; - ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key); + ret = _gnutls_mpi_dprint (session->key.KEY, &tmp_dh_key); if (ret < 0) { gnutls_assert (); @@ -175,7 +175,7 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, gnutls_buffer_st* _gnutls_free_datum (&tmp_dh_key); } - _gnutls_mpi_release (&session->key->KEY); + _gnutls_mpi_release (&session->key.KEY); if (ret < 0) { @@ -233,18 +233,18 @@ _gnutls_proc_dh_common_server_kx (gnutls_session_t session, _n_g = n_g; _n_p = n_p; - if (_gnutls_mpi_scan_nz (&session->key->client_Y, data_Y, _n_Y) != 0) + if (_gnutls_mpi_scan_nz (&session->key.client_Y, data_Y, _n_Y) != 0) { gnutls_assert (); return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_scan_nz (&session->key->client_g, data_g, _n_g) != 0) + if (_gnutls_mpi_scan_nz (&session->key.client_g, data_g, _n_g) != 0) { gnutls_assert (); return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_scan_nz (&session->key->client_p, data_p, _n_p) != 0) + if (_gnutls_mpi_scan_nz (&session->key.client_p, data_p, _n_p) != 0) { gnutls_assert (); return GNUTLS_E_MPI_SCAN_FAILED; @@ -257,7 +257,7 @@ _gnutls_proc_dh_common_server_kx (gnutls_session_t session, return bits; } - if (_gnutls_mpi_get_nbits (session->key->client_p) < (size_t) bits) + if (_gnutls_mpi_get_nbits (session->key.client_p) < (size_t) bits) { /* the prime used by the peer is not acceptable */ @@ -265,9 +265,9 @@ _gnutls_proc_dh_common_server_kx (gnutls_session_t session, return GNUTLS_E_DH_PRIME_UNACCEPTABLE; } - _gnutls_dh_set_group (session, session->key->client_g, - session->key->client_p); - _gnutls_dh_set_peer_public (session, session->key->client_Y); + _gnutls_dh_set_group (session, session->key.client_g, + session->key.client_p); + _gnutls_dh_set_peer_public (session, session->key.client_Y); ret = n_Y + n_p + n_g + 6; @@ -290,7 +290,7 @@ _gnutls_dh_common_print_server_kx (gnutls_session_t session, return ret; } - session->key->dh_secret = x; + session->key.dh_secret = x; _gnutls_dh_set_secret_bits (session, _gnutls_mpi_get_nbits (x)); ret = _gnutls_buffer_append_mpi(data, 16, p, 0); diff --git a/lib/auth/dhe.c b/lib/auth/dhe.c index 26e0718a40..946cc9e7aa 100644 --- a/lib/auth/dhe.c +++ b/lib/auth/dhe.c @@ -128,7 +128,7 @@ gen_dhe_server_kx (gnutls_session_t session, gnutls_buffer_st* data) gnutls_protocol_t ver = gnutls_protocol_get_version (session); cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -346,7 +346,7 @@ proc_dhe_client_kx (gnutls_session_t session, uint8_t * data, gnutls_dh_params_t dh_params; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c index 410c7c5de0..5205cf515b 100644 --- a/lib/auth/dhe_psk.c +++ b/lib/auth/dhe_psk.c @@ -93,7 +93,7 @@ gen_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data) gnutls_datum_t username, key; cred = (gnutls_psk_client_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL); if (cred == NULL) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS); @@ -144,7 +144,7 @@ gen_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data) gnutls_psk_server_credentials_t cred; cred = (gnutls_psk_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL); if (cred == NULL) { gnutls_assert (); @@ -225,7 +225,7 @@ proc_psk_client_kx (gnutls_session_t session, uint8_t * data, ssize_t data_size = _data_size; cred = (gnutls_psk_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL); if (cred == NULL) { @@ -301,7 +301,7 @@ proc_ecdhe_psk_client_kx (gnutls_session_t session, uint8_t * data, ssize_t data_size = _data_size; cred = (gnutls_psk_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL); if (cred == NULL) { diff --git a/lib/auth/ecdh_common.c b/lib/auth/ecdh_common.c index 72b75641da..3655cade11 100644 --- a/lib/auth/ecdh_common.c +++ b/lib/auth/ecdh_common.c @@ -47,22 +47,22 @@ gnutls_pk_params_st pub; int ret; memset(&pub,0,sizeof(pub)); - pub.params[ECC_PRIME] = session->key->ecdh_params.params[ECC_PRIME]; - pub.params[ECC_ORDER] = session->key->ecdh_params.params[ECC_ORDER]; - pub.params[ECC_A] = session->key->ecdh_params.params[ECC_A]; - pub.params[ECC_B] = session->key->ecdh_params.params[ECC_B]; - pub.params[ECC_GX] = session->key->ecdh_params.params[ECC_GX]; - pub.params[ECC_GY] = session->key->ecdh_params.params[ECC_GY]; - pub.params[ECC_X] = session->key->ecdh_x; - pub.params[ECC_Y] = session->key->ecdh_y; + pub.params[ECC_PRIME] = session->key.ecdh_params.params[ECC_PRIME]; + pub.params[ECC_ORDER] = session->key.ecdh_params.params[ECC_ORDER]; + pub.params[ECC_A] = session->key.ecdh_params.params[ECC_A]; + pub.params[ECC_B] = session->key.ecdh_params.params[ECC_B]; + pub.params[ECC_GX] = session->key.ecdh_params.params[ECC_GX]; + pub.params[ECC_GY] = session->key.ecdh_params.params[ECC_GY]; + pub.params[ECC_X] = session->key.ecdh_x; + pub.params[ECC_Y] = session->key.ecdh_y; if (psk_key == NULL) - ret = _gnutls_pk_derive(GNUTLS_PK_EC, &session->key->key, &session->key->ecdh_params, &pub); + ret = _gnutls_pk_derive(GNUTLS_PK_EC, &session->key.key, &session->key.ecdh_params, &pub); else { gnutls_datum_t tmp_dh_key; - ret = _gnutls_pk_derive(GNUTLS_PK_EC, &tmp_dh_key, &session->key->ecdh_params, &pub); + ret = _gnutls_pk_derive(GNUTLS_PK_EC, &tmp_dh_key, &session->key.ecdh_params, &pub); if (ret < 0) { ret = gnutls_assert_val(ret); @@ -84,9 +84,9 @@ int ret; cleanup: /* no longer needed */ - _gnutls_mpi_release (&session->key->ecdh_x); - _gnutls_mpi_release (&session->key->ecdh_y); - gnutls_pk_params_release( &session->key->ecdh_params); + _gnutls_mpi_release (&session->key.ecdh_x); + _gnutls_mpi_release (&session->key.ecdh_y); + gnutls_pk_params_release( &session->key.ecdh_params); return ret; } @@ -110,7 +110,7 @@ _gnutls_proc_ecdh_common_client_kx (gnutls_session_t session, i+=1; DECR_LEN (data_size, point_size); - ret = _gnutls_ecc_ansi_x963_import(&data[i], point_size, &session->key->ecdh_x, &session->key->ecdh_y); + ret = _gnutls_ecc_ansi_x963_import(&data[i], point_size, &session->key.ecdh_x, &session->key.ecdh_y); if (ret < 0) return gnutls_assert_val(ret); @@ -139,12 +139,12 @@ _gnutls_gen_ecdh_common_client_kx_int (gnutls_session_t session, int curve = _gnutls_session_ecc_curve_get(session); /* generate temporal key */ - ret = _gnutls_pk_generate(GNUTLS_PK_EC, curve, &session->key->ecdh_params); + ret = _gnutls_pk_generate(GNUTLS_PK_EC, curve, &session->key.ecdh_params); if (ret < 0) return gnutls_assert_val(ret); - ret = _gnutls_ecc_ansi_x963_export(curve, session->key->ecdh_params.params[6] /* x */, - session->key->ecdh_params.params[7] /* y */, &out); + ret = _gnutls_ecc_ansi_x963_export(curve, session->key.ecdh_params.params[6] /* x */, + session->key.ecdh_params.params[7] /* y */, &out); if (ret < 0) return gnutls_assert_val(ret); @@ -192,7 +192,7 @@ _gnutls_proc_ecdh_common_server_kx (gnutls_session_t session, i++; DECR_LEN (data_size, point_size); - ret = _gnutls_ecc_ansi_x963_import(&data[i], point_size, &session->key->ecdh_x, &session->key->ecdh_y); + ret = _gnutls_ecc_ansi_x963_import(&data[i], point_size, &session->key.ecdh_x, &session->key.ecdh_y); if (ret < 0) return gnutls_assert_val(ret); @@ -225,12 +225,12 @@ int _gnutls_ecdh_common_print_server_kx (gnutls_session_t session, gnutls_buffer return gnutls_assert_val(ret); /* generate temporal key */ - ret = _gnutls_pk_generate(GNUTLS_PK_EC, curve, &session->key->ecdh_params); + ret = _gnutls_pk_generate(GNUTLS_PK_EC, curve, &session->key.ecdh_params); if (ret < 0) return gnutls_assert_val(ret); - ret = _gnutls_ecc_ansi_x963_export(curve, session->key->ecdh_params.params[6] /* x */, - session->key->ecdh_params.params[7] /* y */, &out); + ret = _gnutls_ecc_ansi_x963_export(curve, session->key.ecdh_params.params[6] /* x */, + session->key.ecdh_params.params[7] /* y */, &out); if (ret < 0) return gnutls_assert_val(ret); diff --git a/lib/auth/psk.c b/lib/auth/psk.c index 858f2f9978..fa475aa6ea 100644 --- a/lib/auth/psk.c +++ b/lib/auth/psk.c @@ -78,9 +78,9 @@ _gnutls_set_psk_session_key (gnutls_session_t session, /* set the session key */ - session->key->key.size = 4 + dh_secret_size + ppsk->size; - session->key->key.data = gnutls_malloc (session->key->key.size); - if (session->key->key.data == NULL) + session->key.key.size = 4 + dh_secret_size + ppsk->size; + session->key.key.data = gnutls_malloc (session->key.key.size); + if (session->key.key.data == NULL) { gnutls_assert (); ret = GNUTLS_E_MEMORY_ERROR; @@ -93,7 +93,7 @@ _gnutls_set_psk_session_key (gnutls_session_t session, * (uint16_t) psk_size * the psk */ - p = session->key->key.data; + p = session->key.key.data; _gnutls_write_uint16 (dh_secret_size, p); p+=2; if (dh_secret == NULL) @@ -168,7 +168,7 @@ _gnutls_gen_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data) gnutls_psk_client_credentials_t cred; cred = (gnutls_psk_client_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL); if (cred == NULL) { @@ -217,7 +217,7 @@ _gnutls_proc_psk_client_kx (gnutls_session_t session, uint8_t * data, psk_auth_info_t info; cred = (gnutls_psk_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL); if (cred == NULL) { @@ -292,7 +292,7 @@ _gnutls_gen_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data) gnutls_datum_t hint; cred = (gnutls_psk_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL); if (cred == NULL) { @@ -327,7 +327,7 @@ _gnutls_proc_psk_server_kx (gnutls_session_t session, uint8_t * data, psk_auth_info_t info; cred = (gnutls_psk_client_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL); if (cred == NULL) { diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c index 8e60bf2826..a27cb69921 100644 --- a/lib/auth/psk_passwd.c +++ b/lib/auth/psk_passwd.c @@ -131,7 +131,7 @@ _gnutls_psk_pwd_find_entry (gnutls_session_t session, char *username, int ret; cred = (gnutls_psk_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL); if (cred == NULL) { gnutls_assert (); diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c index 0be2653aca..4bd6b81528 100644 --- a/lib/auth/rsa.c +++ b/lib/auth/rsa.c @@ -102,7 +102,7 @@ _gnutls_get_public_rsa_params (gnutls_session_t session, GNUTLS_KX_RSA_EXPORT && _gnutls_pubkey_is_over_rsa_512(peer_cert.pubkey) == 0) { - if (session->key->rsa[0] == NULL || session->key->rsa[1] == NULL) + if (session->key.rsa[0] == NULL || session->key.rsa[1] == NULL) { gnutls_assert (); ret = GNUTLS_E_INTERNAL_ERROR; @@ -111,7 +111,7 @@ _gnutls_get_public_rsa_params (gnutls_session_t session, for (i = 0; i < params->params_nr; i++) { - params->params[i] = _gnutls_mpi_copy (session->key->rsa[i]); + params->params[i] = _gnutls_mpi_copy (session->key.rsa[i]); } ret = 0; @@ -202,9 +202,9 @@ proc_rsa_client_kx (gnutls_session_t session, uint8_t * data, if (randomize_key != 0) { - session->key->key.size = GNUTLS_MASTER_SIZE; - session->key->key.data = gnutls_malloc (session->key->key.size); - if (session->key->key.data == NULL) + session->key.key.size = GNUTLS_MASTER_SIZE; + session->key.key.data = gnutls_malloc (session->key.key.size); + if (session->key.key.data == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; @@ -212,8 +212,8 @@ proc_rsa_client_kx (gnutls_session_t session, uint8_t * data, /* we do not need strong random numbers here. */ - ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data, - session->key->key.size); + ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key.key.data, + session->key.key.size); if (ret < 0) { gnutls_assert (); @@ -223,15 +223,15 @@ proc_rsa_client_kx (gnutls_session_t session, uint8_t * data, } else { - session->key->key.data = plaintext.data; - session->key->key.size = plaintext.size; + session->key.key.data = plaintext.data; + session->key.key.size = plaintext.size; } /* This is here to avoid the version check attack * discussed above. */ - session->key->key.data[0] = _gnutls_get_adv_version_major (session); - session->key->key.data[1] = _gnutls_get_adv_version_minor (session); + session->key.key.data[0] = _gnutls_get_adv_version_major (session); + session->key.key.data[1] = _gnutls_get_adv_version_minor (session); return 0; } @@ -243,7 +243,7 @@ proc_rsa_client_kx (gnutls_session_t session, uint8_t * data, int _gnutls_gen_rsa_client_kx (gnutls_session_t session, gnutls_buffer_st* data) { - cert_auth_info_t auth = session->key->auth_info; + cert_auth_info_t auth = session->key.auth_info; gnutls_datum_t sdata; /* data to send */ gnutls_pk_params_st params; int ret; @@ -258,17 +258,17 @@ _gnutls_gen_rsa_client_kx (gnutls_session_t session, gnutls_buffer_st* data) return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - session->key->key.size = GNUTLS_MASTER_SIZE; - session->key->key.data = gnutls_malloc (session->key->key.size); + session->key.key.size = GNUTLS_MASTER_SIZE; + session->key.key.data = gnutls_malloc (session->key.key.size); - if (session->key->key.data == NULL) + if (session->key.key.data == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - ret = _gnutls_rnd (GNUTLS_RND_RANDOM, session->key->key.data, - session->key->key.size); + ret = _gnutls_rnd (GNUTLS_RND_RANDOM, session->key.key.data, + session->key.key.size); if (ret < 0) { gnutls_assert (); @@ -279,13 +279,13 @@ _gnutls_gen_rsa_client_kx (gnutls_session_t session, gnutls_buffer_st* data) if (session->internals.rsa_pms_version[0] == 0) { - session->key->key.data[0] = _gnutls_version_get_major (ver); - session->key->key.data[1] = _gnutls_version_get_minor (ver); + session->key.key.data[0] = _gnutls_version_get_major (ver); + session->key.key.data[1] = _gnutls_version_get_minor (ver); } else { /* use the version provided */ - session->key->key.data[0] = session->internals.rsa_pms_version[0]; - session->key->key.data[1] = session->internals.rsa_pms_version[1]; + session->key.key.data[0] = session->internals.rsa_pms_version[0]; + session->key.key.data[1] = session->internals.rsa_pms_version[1]; } /* move RSA parameters to key (session). @@ -298,7 +298,7 @@ _gnutls_gen_rsa_client_kx (gnutls_session_t session, gnutls_buffer_st* data) } ret = - _gnutls_pk_encrypt (GNUTLS_PK_RSA, &sdata, &session->key->key, + _gnutls_pk_encrypt (GNUTLS_PK_RSA, &sdata, &session->key.key, ¶ms); gnutls_pk_params_release(¶ms); diff --git a/lib/auth/rsa_export.c b/lib/auth/rsa_export.c index d547e39d45..95f815c7f0 100644 --- a/lib/auth/rsa_export.c +++ b/lib/auth/rsa_export.c @@ -76,7 +76,7 @@ _gnutls_get_private_rsa_params (gnutls_session_t session, gnutls_rsa_params_t rsa_params; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -193,9 +193,9 @@ proc_rsa_export_client_kx (gnutls_session_t session, uint8_t * data, if (randomize_key != 0) { - session->key->key.size = GNUTLS_MASTER_SIZE; - session->key->key.data = gnutls_malloc (session->key->key.size); - if (session->key->key.data == NULL) + session->key.key.size = GNUTLS_MASTER_SIZE; + session->key.key.data = gnutls_malloc (session->key.key.size); + if (session->key.key.data == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; @@ -203,8 +203,8 @@ proc_rsa_export_client_kx (gnutls_session_t session, uint8_t * data, /* we do not need strong random numbers here. */ - ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data, - session->key->key.size); + ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key.key.data, + session->key.key.size); if (ret < 0) { gnutls_assert (); @@ -214,15 +214,15 @@ proc_rsa_export_client_kx (gnutls_session_t session, uint8_t * data, } else { - session->key->key.data = plaintext.data; - session->key->key.size = plaintext.size; + session->key.key.data = plaintext.data; + session->key.key.size = plaintext.size; } /* This is here to avoid the version check attack * discussed above. */ - session->key->key.data[0] = _gnutls_get_adv_version_major (session); - session->key->key.data[1] = _gnutls_get_adv_version_minor (session); + session->key.key.data[0] = _gnutls_get_adv_version_major (session); + session->key.key.data[1] = _gnutls_get_adv_version_minor (session); return 0; } @@ -242,7 +242,7 @@ gen_rsa_export_server_kx (gnutls_session_t session, gnutls_buffer_st* data) unsigned int bits = 0; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); @@ -413,20 +413,20 @@ proc_rsa_export_server_kx (gnutls_session_t session, _n_e = n_e; _n_m = n_m; - if (_gnutls_mpi_scan_nz (&session->key->rsa[0], data_m, _n_m) != 0) + if (_gnutls_mpi_scan_nz (&session->key.rsa[0], data_m, _n_m) != 0) { gnutls_assert (); return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_scan_nz (&session->key->rsa[1], data_e, _n_e) != 0) + if (_gnutls_mpi_scan_nz (&session->key.rsa[1], data_e, _n_e) != 0) { gnutls_assert (); return GNUTLS_E_MPI_SCAN_FAILED; } - _gnutls_rsa_export_set_pubkey (session, session->key->rsa[1], - session->key->rsa[0]); + _gnutls_rsa_export_set_pubkey (session, session->key.rsa[1], + session->key.rsa[0]); /* VERIFY SIGNATURE */ diff --git a/lib/auth/srp.c b/lib/auth/srp.c index 835c87162b..b617d43676 100644 --- a/lib/auth/srp.c +++ b/lib/auth/srp.c @@ -53,14 +53,14 @@ const mod_auth_st srp_auth_struct = { }; -#define _b session->key->b -#define B session->key->B -#define _a session->key->a -#define A session->key->A -#define N session->key->client_p -#define G session->key->client_g -#define V session->key->x -#define S session->key->KEY +#define _b session->key.b +#define B session->key.B +#define _a session->key.a +#define A session->key.A +#define N session->key.client_p +#define G session->key.client_g +#define V session->key.x +#define S session->key.KEY /* Checks if a%n==0,+1,-1%n which is a fatal srp error. * Returns a proper error code in that case, and 0 when @@ -250,7 +250,7 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session, gnutls_buffer_st* data) priv = epriv.ptr; cred = (gnutls_srp_client_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL); if (cred == NULL) { @@ -295,17 +295,17 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session, gnutls_buffer_st* data) */ /* calculate u */ - session->key->u = _gnutls_calc_srp_u (A, B, N); - if (session->key->u == NULL) + session->key.u = _gnutls_calc_srp_u (A, B, N); + if (session->key.u == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - _gnutls_mpi_log ("SRP U: ", session->key->u); + _gnutls_mpi_log ("SRP U: ", session->key.u); /* S = (B - g^x) ^ (a + u * x) % N */ - S = _gnutls_calc_srp_S2 (B, G, session->key->x, _a, session->key->u, N); + S = _gnutls_calc_srp_S2 (B, G, session->key.x, _a, session->key.u, N); if (S == NULL) { gnutls_assert (); @@ -316,10 +316,10 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session, gnutls_buffer_st* data) _gnutls_mpi_release (&_b); _gnutls_mpi_release (&V); - _gnutls_mpi_release (&session->key->u); + _gnutls_mpi_release (&session->key.u); _gnutls_mpi_release (&B); - ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key); + ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key); _gnutls_mpi_release (&S); if (ret < 0) @@ -373,18 +373,18 @@ _gnutls_proc_srp_client_kx (gnutls_session_t session, uint8_t * data, /* Start the SRP calculations. * - Calculate u */ - session->key->u = _gnutls_calc_srp_u (A, B, N); - if (session->key->u == NULL) + session->key.u = _gnutls_calc_srp_u (A, B, N); + if (session->key.u == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - _gnutls_mpi_log ("SRP U: ", session->key->u); + _gnutls_mpi_log ("SRP U: ", session->key.u); /* S = (A * v^u) ^ b % N */ - S = _gnutls_calc_srp_S1 (A, _b, session->key->u, V, N); + S = _gnutls_calc_srp_S1 (A, _b, session->key.u, V, N); if (S == NULL) { gnutls_assert (); @@ -396,10 +396,10 @@ _gnutls_proc_srp_client_kx (gnutls_session_t session, uint8_t * data, _gnutls_mpi_release (&A); _gnutls_mpi_release (&_b); _gnutls_mpi_release (&V); - _gnutls_mpi_release (&session->key->u); + _gnutls_mpi_release (&session->key.u); _gnutls_mpi_release (&B); - ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key); + ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key); _gnutls_mpi_release (&S); if (ret < 0) @@ -812,7 +812,7 @@ _gnutls_proc_srp_server_kx (gnutls_session_t session, uint8_t * data, priv = epriv.ptr; cred = (gnutls_srp_client_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL); if (cred == NULL) { @@ -936,7 +936,7 @@ _gnutls_proc_srp_server_kx (gnutls_session_t session, uint8_t * data, return ret; } - if (_gnutls_mpi_scan_nz (&session->key->x, hd, _n_g) != 0) + if (_gnutls_mpi_scan_nz (&session->key.x, hd, _n_g) != 0) { gnutls_assert (); return GNUTLS_E_MPI_SCAN_FAILED; diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c index 18a96ab119..7ff8540a96 100644 --- a/lib/auth/srp_passwd.c +++ b/lib/auth/srp_passwd.c @@ -269,7 +269,7 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, entry = *_entry; cred = (gnutls_srp_server_credentials_t) - _gnutls_get_cred (state->key, GNUTLS_CRD_SRP, NULL); + _gnutls_get_cred (state, GNUTLS_CRD_SRP, NULL); if (cred == NULL) { gnutls_assert (); diff --git a/lib/auth/srp_rsa.c b/lib/auth/srp_rsa.c index 135b76215d..4f6eb30a71 100644 --- a/lib/auth/srp_rsa.c +++ b/lib/auth/srp_rsa.c @@ -98,7 +98,7 @@ gen_srp_cert_server_kx (gnutls_session_t session, gnutls_buffer_st* data) ddata.size = data->length; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); diff --git a/lib/ext/srp.c b/lib/ext/srp.c index d8a3aae05c..c9fad8dbdf 100644 --- a/lib/ext/srp.c +++ b/lib/ext/srp.c @@ -124,7 +124,7 @@ _gnutls_srp_send_params (gnutls_session_t session, if (session->security_parameters.entity == GNUTLS_CLIENT) { gnutls_srp_client_credentials_t cred = (gnutls_srp_client_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL); if (cred == NULL) return 0; diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c index 8c8782b08b..e5bf67be38 100644 --- a/lib/ext/status_request.c +++ b/lib/ext/status_request.c @@ -189,7 +189,7 @@ server_send (gnutls_session_t session, gnutls_certificate_credentials_t cred; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) /* no certificate authentication */ return gnutls_assert_val (0); diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index 13eb63e546..9f6a0eac06 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c @@ -44,17 +44,17 @@ void gnutls_credentials_clear (gnutls_session_t session) { - if (session->key && session->key->cred) + if (session->key.cred) { /* beginning of the list */ auth_cred_st *ccred, *ncred; - ccred = session->key->cred; + ccred = session->key.cred; while (ccred != NULL) { ncred = ccred->next; gnutls_free (ccred); ccred = ncred; } - session->key->cred = NULL; + session->key.cred = NULL; } } @@ -99,22 +99,22 @@ gnutls_credentials_set (gnutls_session_t session, auth_cred_st *ccred = NULL, *pcred = NULL; int exists = 0; - if (session->key->cred == NULL) + if (session->key.cred == NULL) { /* beginning of the list */ - session->key->cred = gnutls_malloc (sizeof (auth_cred_st)); - if (session->key->cred == NULL) + session->key.cred = gnutls_malloc (sizeof (auth_cred_st)); + if (session->key.cred == NULL) return GNUTLS_E_MEMORY_ERROR; /* copy credentials locally */ - session->key->cred->credentials = cred; + session->key.cred->credentials = cred; - session->key->cred->next = NULL; - session->key->cred->algorithm = type; + session->key.cred->next = NULL; + session->key.cred->algorithm = type; } else { - ccred = session->key->cred; + ccred = session->key.cred; while (ccred != NULL) { if (ccred->algorithm == type) @@ -232,19 +232,17 @@ _gnutls_get_kx_cred (gnutls_session_t session, { int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0; - return _gnutls_get_cred (session->key, + return _gnutls_get_cred (session, _gnutls_map_kx_get_cred (algo, server), err); } const void * -_gnutls_get_cred (gnutls_key_st key, gnutls_credentials_type_t type, int *err) +_gnutls_get_cred (gnutls_session_t session, gnutls_credentials_type_t type, int *err) { const void *retval = NULL; int _err = -1; auth_cred_st *ccred; - - if (key == NULL) - goto out; + gnutls_key_st * key = &session->key; ccred = key->cred; while (ccred != NULL) @@ -283,7 +281,7 @@ out: void * _gnutls_get_auth_info (gnutls_session_t session) { - return session->key->auth_info; + return session->key.auth_info; } /*- @@ -300,13 +298,13 @@ _gnutls_free_auth_info (gnutls_session_t session) dh_info_st *dh_info; rsa_info_st *rsa_info; - if (session == NULL || session->key == NULL) + if (session == NULL) { gnutls_assert (); return; } - switch (session->key->auth_info_type) + switch (session->key.auth_info_type) { case GNUTLS_CRD_SRP: break; @@ -362,10 +360,10 @@ _gnutls_free_auth_info (gnutls_session_t session) } - gnutls_free (session->key->auth_info); - session->key->auth_info = NULL; - session->key->auth_info_size = 0; - session->key->auth_info_type = 0; + gnutls_free (session->key.auth_info); + session->key.auth_info = NULL; + session->key.auth_info_size = 0; + session->key.auth_info_type = 0; } @@ -379,16 +377,16 @@ _gnutls_auth_info_set (gnutls_session_t session, gnutls_credentials_type_t type, int size, int allow_change) { - if (session->key->auth_info == NULL) + if (session->key.auth_info == NULL) { - session->key->auth_info = gnutls_calloc (1, size); - if (session->key->auth_info == NULL) + session->key.auth_info = gnutls_calloc (1, size); + if (session->key.auth_info == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - session->key->auth_info_type = type; - session->key->auth_info_size = size; + session->key.auth_info_type = type; + session->key.auth_info_size = size; } else { @@ -400,7 +398,7 @@ _gnutls_auth_info_set (gnutls_session_t session, * ciphersuite which is negotiated has different authentication * schema. */ - if (gnutls_auth_get_type (session) != session->key->auth_info_type) + if (gnutls_auth_get_type (session) != session->key.auth_info_type) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; @@ -414,20 +412,20 @@ _gnutls_auth_info_set (gnutls_session_t session, * certificate (in order to prevent revealing the certificate's contents, * to passive eavesdropers. */ - if (gnutls_auth_get_type (session) != session->key->auth_info_type) + if (gnutls_auth_get_type (session) != session->key.auth_info_type) { _gnutls_free_auth_info (session); - session->key->auth_info = calloc (1, size); - if (session->key->auth_info == NULL) + session->key.auth_info = calloc (1, size); + if (session->key.auth_info == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - session->key->auth_info_type = type; - session->key->auth_info_size = size; + session->key.auth_info_type = type; + session->key.auth_info_size = size; } } } diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h index 51ffb35c27..fe367e8bdf 100644 --- a/lib/gnutls_auth.h +++ b/lib/gnutls_auth.h @@ -47,7 +47,7 @@ typedef struct mod_auth_st_int uint8_t *, size_t); } mod_auth_st; -const void *_gnutls_get_cred (gnutls_key_st key, +const void *_gnutls_get_cred (gnutls_session_t session, gnutls_credentials_type_t kx, int *err); const void *_gnutls_get_kx_cred (gnutls_session_t session, gnutls_kx_algorithm_t algo, int *err); diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index d5912e9a28..afdc7de1ab 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -594,7 +594,7 @@ _gnutls_openpgp_crt_verify_peers (gnutls_session_t session, return GNUTLS_E_INVALID_REQUEST; cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 84dcd707a6..5455ca35a8 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -2477,7 +2477,7 @@ static int run_verify_callback(gnutls_session_t session, unsigned int side) int ret, type; cred = - (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, + (gnutls_certificate_credentials_t) _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); @@ -3108,7 +3108,7 @@ check_server_params (gnutls_session_t session, { int delete; gnutls_certificate_credentials_t x509_cred = - (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, + (gnutls_certificate_credentials_t) _gnutls_get_cred (session, cred_type, NULL); if (x509_cred != NULL) @@ -3143,7 +3143,7 @@ check_server_params (gnutls_session_t session, else if (cred_type == GNUTLS_CRD_ANON) { gnutls_anon_server_credentials_t anon_cred = - (gnutls_anon_server_credentials_t) _gnutls_get_cred (session->key, + (gnutls_anon_server_credentials_t) _gnutls_get_cred (session, cred_type, NULL); if (anon_cred != NULL) @@ -3158,7 +3158,7 @@ check_server_params (gnutls_session_t session, else if (cred_type == GNUTLS_CRD_PSK) { gnutls_psk_server_credentials_t psk_cred = - (gnutls_psk_server_credentials_t) _gnutls_get_cred (session->key, + (gnutls_psk_server_credentials_t) _gnutls_get_cred (session, cred_type, NULL); if (psk_cred != NULL) @@ -3229,7 +3229,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, */ cert_cred = - (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, + (gnutls_certificate_credentials_t) _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); @@ -3303,7 +3303,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, SRP credential too. */ if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS) { - if (!_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL)) + if (!_gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL)) { delete = 1; } diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 48a60eb9f2..1f103cb2c0 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -424,7 +424,7 @@ struct gnutls_key_st * for a client certificate verify */ }; -typedef struct gnutls_key_st *gnutls_key_st; +typedef struct gnutls_key_st gnutls_key_st; struct pin_info_st { diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index 0cebd385f2..9654a5e578 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c @@ -79,7 +79,7 @@ int _gnutls_generate_master (gnutls_session_t session, int keep_premaster) { if (session->internals.resumed == RESUME_FALSE) - return generate_normal_master (session, &session->key->key, keep_premaster); + return generate_normal_master (session, &session->key.key, keep_premaster); else if (session->internals.premaster_set) { gnutls_datum_t premaster; @@ -306,7 +306,7 @@ _gnutls_send_client_certificate_verify (gnutls_session_t session, int again) /* if certificate verify is not needed just exit */ - if (session->key->crt_requested == 0) + if (session->key.crt_requested == 0) return 0; @@ -357,7 +357,7 @@ _gnutls_send_client_certificate (gnutls_session_t session, int again) int ret = 0; - if (session->key->crt_requested == 0) + if (session->key.crt_requested == 0) return 0; if (session->internals.auth_struct->gnutls_generate_client_certificate == @@ -651,7 +651,7 @@ _gnutls_recv_client_certificate (gnutls_session_t session) if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional != 0) ret = 0; else - session->key->crt_requested = 1; + session->key.crt_requested = 1; cleanup: _gnutls_buffer_clear(&buf); @@ -708,7 +708,7 @@ _gnutls_recv_client_certificate_verify_message (gnutls_session_t session) return 0; if (session->internals.send_cert_req == 0 || - session->key->crt_requested == 0) + session->key.crt_requested == 0) { return 0; } diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index a9a1ea036d..84a62b76f0 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -183,7 +183,7 @@ _gnutls_session_cert_type_supported (gnutls_session_t session, if (session->security_parameters.entity == GNUTLS_SERVER) { cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; @@ -341,14 +341,6 @@ gnutls_init (gnutls_session_t * session, unsigned int flags) _mbuffer_head_init (&(*session)->internals.handshake_send_buffer); _gnutls_handshake_recv_buffer_init(*session); - (*session)->key = gnutls_calloc (1, sizeof (struct gnutls_key_st)); - if ((*session)->key == NULL) - { - gnutls_free (*session); - *session = NULL; - return GNUTLS_E_MEMORY_ERROR; - } - (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */ gnutls_dh_set_prime_bits ((*session), MIN_DH_BITS); @@ -467,33 +459,27 @@ gnutls_deinit (gnutls_session_t session) gnutls_credentials_clear (session); _gnutls_selected_certs_deinit (session); - if (session->key != NULL) - { - gnutls_pk_params_release(&session->key->ecdh_params); - _gnutls_mpi_release (&session->key->ecdh_x); - _gnutls_mpi_release (&session->key->ecdh_y); - - _gnutls_mpi_release (&session->key->KEY); - _gnutls_mpi_release (&session->key->client_Y); - _gnutls_mpi_release (&session->key->client_p); - _gnutls_mpi_release (&session->key->client_g); - - _gnutls_mpi_release (&session->key->u); - _gnutls_mpi_release (&session->key->a); - _gnutls_mpi_release (&session->key->x); - _gnutls_mpi_release (&session->key->A); - _gnutls_mpi_release (&session->key->B); - _gnutls_mpi_release (&session->key->b); - - /* RSA */ - _gnutls_mpi_release (&session->key->rsa[0]); - _gnutls_mpi_release (&session->key->rsa[1]); - - _gnutls_mpi_release (&session->key->dh_secret); - gnutls_free (session->key); - - session->key = NULL; - } + gnutls_pk_params_release(&session->key.ecdh_params); + _gnutls_mpi_release (&session->key.ecdh_x); + _gnutls_mpi_release (&session->key.ecdh_y); + + _gnutls_mpi_release (&session->key.KEY); + _gnutls_mpi_release (&session->key.client_Y); + _gnutls_mpi_release (&session->key.client_p); + _gnutls_mpi_release (&session->key.client_g); + + _gnutls_mpi_release (&session->key.u); + _gnutls_mpi_release (&session->key.a); + _gnutls_mpi_release (&session->key.x); + _gnutls_mpi_release (&session->key.A); + _gnutls_mpi_release (&session->key.B); + _gnutls_mpi_release (&session->key.b); + + /* RSA */ + _gnutls_mpi_release (&session->key.rsa[0]); + _gnutls_mpi_release (&session->key.rsa[1]); + + _gnutls_mpi_release (&session->key.dh_secret); memset (session, 0, sizeof (struct gnutls_session_int)); gnutls_free (session); diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c index 310627ca89..654810abbc 100644 --- a/lib/gnutls_ui.c +++ b/lib/gnutls_ui.c @@ -505,7 +505,7 @@ gnutls_certificate_get_ours (gnutls_session_t session) CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, NULL); cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL || cred->certs == NULL) { gnutls_assert (); @@ -566,7 +566,7 @@ gnutls_certificate_get_peers (gnutls_session_t int gnutls_certificate_client_get_request_status (gnutls_session_t session) { - return session->key->crt_requested; + return session->key.crt_requested; } /** diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 1d7128b3c2..309b267b3a 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -208,7 +208,7 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session, } cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert (); |